CWE
Home > CWE List > CWE- Individual Dictionary Definition (1.1)  
Search by ID:

CWE-663: Use of a Non-reentrant Function in an Unsynchronized Context

Individual Definition in a New Window
Use of a Non-reentrant Function in an Unsynchronized Context
Status: Draft
Weakness ID: 663 (Weakness Base)
Description
Summary

The software calls a non-reentrant function in a context where a competing thread may have an opportunity to call the same function or otherwise influence its state.

Potential Mitigations

Use reentrant functions if available.

Add synchronization to your non-reentrant function.

In Java, you can use the ReentrantLock Class.

References
Dipak Jha (dipakjha@in.ibm.com), Software Engineer, IBM. "Use reentrant functions for safer signal handling". <http://www.ibm.com/developerworks/linux/library/l-reent.html>.
Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness BaseWeakness Base662Insufficient Synchronization
Research Concepts (primary)1000
ChildOfCategoryCategory361Time and State
Development Concepts (primary)699
ParentOfWeakness VariantWeakness VariantWeakness Variant558Use of getlogin() in Multithreaded Application
Research Concepts (primary)1000
Time of Introduction
* Architecture and Design
* Implementation
Content History
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated References, Potential_Mitigations, Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Relationships, References
Back to top
Page Last Updated: November 24, 2008
 

CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us